Problem with DSS ciphersuites

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem with DSS ciphersuites

Nadav Golombick
I am trying to perform a handshake using DSS cipher suites. Everytime
I attempt it, I get a no shared cipher message.
The certificate I am using contains RSA certificates and DSA public
and private keys (chained certificate).
What am I doing wrong?

--
Nadav Golombick
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Problem with DSS ciphersuites

Victor B. Wagner
On 2005.11.14 at 08:08:07 +0200, Nadav Golombick wrote:

> I am trying to perform a handshake using DSS cipher suites. Everytime
> I attempt it, I get a no shared cipher message.
> The certificate I am using contains RSA certificates and DSA public
> and private keys (chained certificate).
> What am I doing wrong?

Have you provided DH parameters for key exchange?
As far as I remember all DSS-based ciphersuites use DH for key exchange
and need DH parameters available for server. Some server software is
able to generate temporary DH parameters, but not all.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Problem with DSS ciphersuites

Nadav Golombick
I have added the DH parameters and I know they are okay since regualr
DH sessions work. The problem is when switch RSA to DSA

On 11/14/05, Victor B. Wagner <[hidden email]> wrote:

> On 2005.11.14 at 08:08:07 +0200, Nadav Golombick wrote:
>
> > I am trying to perform a handshake using DSS cipher suites. Everytime
> > I attempt it, I get a no shared cipher message.
> > The certificate I am using contains RSA certificates and DSA public
> > and private keys (chained certificate).
> > What am I doing wrong?
>
> Have you provided DH parameters for key exchange?
> As far as I remember all DSS-based ciphersuites use DH for key exchange
> and need DH parameters available for server. Some server software is
> able to generate temporary DH parameters, but not all.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>


--
Nadav Golombick
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]